A team of students built a fluid pump that takes its cues from the way squids move through water — using jet propulsion instead of traditional impellers. It’s a clever bit of biomimicry that could lead to more efficient pumping systems.
As always, this squid post is also your open thread for the security stories in the news that I haven’t covered. And there’s a big one in the comments worth highlighting.
Reader “Atomic Arch” flagged a massive supply chain attack on the Arch User Repository. Someone going by the username arojas spent what was probably a quiet afternoon methodically adopting orphaned AUR packages and injecting them with malware. By the time the community caught on, 408 packages were already compromised. By the time this post was written, that number had crossed 900 and was still climbing.
Sonatype researchers named the campaign Atomic Arch. It’s one of the largest AUR supply chain incidents on record, and the technical sophistication of the payload puts it well beyond your average package repository drive-by. The attacker used an eBPF rootkit and an infostealer targeting developers specifically.
If you maintain or consume AUR packages, this one deserves your attention. Check your dependencies.
